{"id":42811,"date":"2026-04-12T02:19:01","date_gmt":"2026-04-12T02:19:01","guid":{"rendered":"http:\/\/localhost\/?p=42811"},"modified":"2026-04-12T02:19:01","modified_gmt":"2026-04-12T02:19:01","slug":"decolua-9router-administrative-api-endpoint-api-authorization","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=42811","title":{"rendered":"decolua 9router Administrative API Endpoint api authorization_CVE-2026-5842"},"content":{"rendered":"

{“lastseen”:””,”description”:”A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file \/api of the component Administrative API Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 0.3.75 is sufficient to resolve this issue. It is suggested to upgrade the affected component.”,”published”:”2026-04-09T04:30:17.225Z”,”modified”:”2026-04-09T04:30:17.225Z”,”type”:”cve”,”title”:”decolua 9router Administrative API Endpoint api authorization”,”source”:”VulDB”,”references”:”https:\/\/vuldb.com\/vuln\/356298\\nhttps:\/\/vuldb.com\/vuln\/356298\/cti\\nhttps:\/\/vuldb.com\/submit\/790003\\nhttps:\/\/github.com\/decolua\/9router\/issues\/431\\nhttps:\/\/github.com\/decolua\/9router\/issues\/431#issuecomment-4140163867\\nhttps:\/\/github.com\/deepcat1337\/Free_Api_Exploit\/tree\/main\\nhttps:\/\/github.com\/decolua\/9router\/releases\/tag\/v0.3.75\\nhttps:\/\/github.com\/decolua\/9router\/”,”id”:”CVE-2026-5842″,”bulletinFamily”:””,”cwe”:[“CWE-639″,”CWE-285″],”cvelist”:null,”sourceData”:”decolua 9router 0.3.0\\ndecolua 9router 0.3.1\\ndecolua 9router 0.3.2\\ndecolua 9router 0.3.3\\ndecolua 9router 0.3.4\\ndecolua 9router 0.3.5\\ndecolua 9router 0.3.6\\ndecolua 9router 0.3.7\\ndecolua 9router 0.3.8\\ndecolua 9router 0.3.9\\ndecolua 9router 0.3.10\\ndecolua 9router 0.3.11\\ndecolua 9router 0.3.12\\ndecolua 9router 0.3.13\\ndecolua 9router 0.3.14\\ndecolua 9router 0.3.15\\ndecolua 9router 0.3.16\\ndecolua 9router 0.3.17\\ndecolua 9router 0.3.18\\ndecolua 9router 0.3.19\\ndecolua 9router 0.3.20\\ndecolua 9router 0.3.21\\ndecolua 9router 0.3.22\\ndecolua 9router 0.3.23\\ndecolua 9router 0.3.24\\ndecolua 9router 0.3.25\\ndecolua 9router 0.3.26\\ndecolua 9router 0.3.27\\ndecolua 9router 0.3.28\\ndecolua 9router 0.3.29\\ndecolua 9router 0.3.30\\ndecolua 9router 0.3.31\\ndecolua 9router 0.3.32\\ndecolua 9router 0.3.33\\ndecolua 9router 0.3.34\\ndecolua 9router 0.3.35\\ndecolua 9router 0.3.36\\ndecolua 9router 0.3.37\\ndecolua 9router 0.3.38\\ndecolua 9router 0.3.39\\ndecolua 9router 0.3.40\\ndecolua 9router 0.3.41\\ndecolua 9router 0.3.42\\ndecolua 9router 0.3.43\\ndecolua 9router 0.3.44\\ndecolua 9router 0.3.45\\ndecolua 9router 0.3.46\\ndecolua 9router 0.3.47″,”sourceHref”:””,”cvss”:{“score”:6.9,”severity”:”MEDIUM”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:N\/VC:L\/VI:L\/VA:L\/SC:N\/SI:N\/SA:N\/E:P”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”9router”,”version”:”0.3.0″,”vendor”:”decolua”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:””,”description”:”A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file \/api of the…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,48,12,21,13,7,11,5],"class_list":["post-42811","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-69","tag-exploit","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\ndecolua 9router Administrative API Endpoint api authorization_CVE-2026-5842 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=42811\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"decolua 9router Administrative API Endpoint api authorization_CVE-2026-5842 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:””,”description”:”A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file \/api of the...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=42811\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-12T02:19:01+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=42811#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=42811\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"decolua 9router Administrative API Endpoint api authorization_CVE-2026-5842\",\"datePublished\":\"2026-04-12T02:19:01+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=42811\"},\"wordCount\":340,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-6.9\",\"exploit\",\"MEDIUM\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_cve\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=42811#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=42811\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=42811\",\"name\":\"decolua 9router Administrative API Endpoint api authorization_CVE-2026-5842 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-04-12T02:19:01+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=42811#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=42811\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=42811#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"decolua 9router Administrative API Endpoint api authorization_CVE-2026-5842\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"decolua 9router Administrative API Endpoint api authorization_CVE-2026-5842 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=42811","og_locale":"en_US","og_type":"article","og_title":"decolua 9router Administrative API Endpoint api authorization_CVE-2026-5842 - zero redgem","og_description":"{“lastseen”:””,”description”:”A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file \/api of the...","og_url":"https:\/\/zero.redgem.net\/?p=42811","og_site_name":"zero redgem","article_published_time":"2026-04-12T02:19:01+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=42811#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=42811"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"decolua 9router Administrative API Endpoint api authorization_CVE-2026-5842","datePublished":"2026-04-12T02:19:01+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=42811"},"wordCount":340,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-6.9","exploit","MEDIUM","news","Security","tapic","Vulnerability"],"articleSection":["category_cve"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=42811#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=42811","url":"https:\/\/zero.redgem.net\/?p=42811","name":"decolua 9router Administrative API Endpoint api authorization_CVE-2026-5842 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-04-12T02:19:01+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=42811#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=42811"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=42811#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"decolua 9router Administrative API Endpoint api authorization_CVE-2026-5842"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/42811","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=42811"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/42811\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=42811"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=42811"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=42811"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}